Commit graph

114 commits

Author SHA1 Message Date
June faffcb7d54
spaceapi: remove inside sensors for privacy reasons 2024-08-04 21:05:43 +02:00
June 1ffc959ce3
Update spaceapid to v0.1.0 2024-08-04 21:03:29 +02:00
June 028b5dc9e8
Configure Uptime-Kuma host 2024-08-04 02:19:26 +02:00
June b30015fee1
Clean up networking configs by making them all use the same layout
Also use the v6 gateway as a nameserver as well for the esphome host.
2024-07-30 01:17:05 +02:00
June e88982d7c7
Give esphome a static v6 and get cert directly via chal. served over v6
Give the host a static v4 as well.
Also let the nginx redirect from the host's FQDN to the service domain.
2024-07-27 22:24:54 +02:00
June a2102b064f
Fix container registry image uploads for git server
Do this by disabling checking of client request body size.
2024-07-27 21:05:58 +02:00
June a271fddff8
Switch from deprecated extraConfig to settings for phpfpm.pools.dokuwiki 2024-07-15 02:44:37 +02:00
June 7058ec3582
Make passwordless ssh for ptouch-print-server work again
Now (with NixOS 24.05) pam.services.sshd.allowNullPassword needs to be
set to true for passwordless ssh to work apparently.
2024-06-30 21:12:28 +02:00
June 026e47d055
Last commit didn't do, switching to Docker instead of podman does 2024-06-22 18:06:39 +02:00
June be7f6e4917
Fix clone step failing, because git.hamburg.ccc.de could not be resolved 2024-06-22 17:11:11 +02:00
June f5432bd682
Use an agent token for Woodpecker agent to stop it from re-registering
With the shared system token, every time the Woodpecker host would
restart, a new Woodpecker agent registration would be created, because
the agent receives a unique ID on first connection using the system
token, which it couldn't store however, because it doesn't have a
writable config file in NixOS.
Use an agent token now, which doesn't require the agent to store a
unique ID in a writable config, therefore not making it re-register.

Also see:
https://woodpecker-ci.org/docs/administration/agent-config#agent-registration
2024-06-22 16:26:58 +02:00
June 1aff46745a
Disable mjolnir's verbose logging to have it not spam the management room 2024-06-22 16:07:01 +02:00
June df17b25009
Add woodpecker host running a woodpecker-server and -agent for CI 2024-06-22 04:20:38 +02:00
June 3059843e1a
Add mjolnir host running mjolnir for Matrix moderation
Also see:
https://wiki.hamburg.ccc.de/infrastructure:services:mjolnir
2024-06-20 23:45:44 +02:00
June f3f5d5a611
Use forgejo package from stable (24.05) instead of from unstable 2024-06-20 04:12:42 +02:00
June 33599951ef
Upgrade to NixOS 24.05
Also bump the default state version to 24.05.

See the release notes of the 24.05 release for more information:
https://nixos.org/manual/nixos/stable/release-notes#sec-release-24.05
2024-06-17 20:59:03 +02:00
June 6411ae8b80
Add hacker.tours and a staging env. similar to the CCCHH website one 2024-06-13 22:53:06 +02:00
christian b30952a049
Add mqtt server (mosquitto)
The config was based on the existing mosquitto setup.
2024-06-11 23:03:57 +02:00
fi 8a2d406d4e
Bump element-web to 1.11.68 2024-06-09 22:51:42 +02:00
echtnurich 22eff92488
add yate service for autostart 2024-06-09 21:13:14 +02:00
June bc98327cda
Add ssh-to-age to the admin tooling 2024-06-09 21:10:19 +02:00
christian 579b63fe89
Update authorizedKeysRepo rev in common/users.nix
to add echtnurich secondary device key
2024-06-08 21:39:24 +02:00
June ef1710b09f
Configure basic yate host 2024-06-08 20:18:59 +02:00
June 9d7f9d0ec8
Emulate aarch64-linux on nix-box-june to be able to build aarch64 pkgs 2024-06-06 20:17:00 +02:00
June 41f04732c2
Switch from colmena to standard nixosConfigurations
Those can then be deployed using for example nixos-rebuild or bij.
Also ensure all hosts have an fqdn, where possible, in order for bij to
be able to work with them more easily. Tho not really, since for actual
deployment one still needs to set the target manually to set usage of
the colmena-deploy user.

https://git.clerie.de/clerie/bij
2024-05-27 01:43:53 +02:00
June a7541eefa8
Add tools and other stuff for a more comf. admin environ. on the hosts 2024-05-26 18:32:55 +02:00
June 58ec317b02
Use IP address for eh22-wiki, which isn't already in use 2024-05-26 18:00:20 +02:00
June 7c7da0db05
Add a nix box managed by June
Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
2024-05-26 14:39:28 +02:00
June 3aae597752
Switch the public-web-static hosts secret mngmt from colmena to sops-nix 2024-05-26 03:49:43 +02:00
June dc439abefe
Switch the netbox hosts secret management from colmena to sops-nix 2024-05-26 03:14:31 +02:00
June 154edc1972
Switch the matrix hosts secret management from colmena to sops-nix 2024-05-26 03:01:34 +02:00
June 361ccac69f
Switch the forgejo-actions-runners secret mngmt from colmena to sops-nix 2024-05-26 02:50:08 +02:00
June 88e3da11a6
Introduce sops and sops-nix for secret management
Use the GPG keys used for the password-store noc directory for the admin
keys.
Switch the git hosts secret management from colmena to sops-nix.

https://github.com/getsops/sops
https://github.com/Mic92/sops-nix
2024-05-25 16:47:34 +02:00
June 475ab8cc66
Configure EH22 Wiki 2024-05-17 20:42:48 +02:00
June 14bbdea9dc
Add MPD to audio service module 2024-04-23 19:12:16 +02:00
June bc6af32a36
Update spaceapid to latest commit and use correct logo URL 2024-04-15 17:07:50 +02:00
June c97f169b77
Add print server for label printer to have it easily usable via SSH
Add and configure a print server for the Brother P-touch QL 500 label
printer, so that it can be easily used via SSH.

Do the following to make that work:
- Configure the print server host.
- Package printer-driver-ptouch to have a working driver for the label
  printer.
- Configure CUPS.
- Add a script "forcecommand-lpr-wrapper", which works together with the
  ForceCommand sshd_config option and wraps lpr to provide an easy
  interface to use the Brother QL 500 label printer via SSH.
- Add a print user and configure SSH to have the
  "forcecommand-lpr-wrapper" script accessible without a password using
  the print user via SSH.
2024-04-14 18:46:51 +02:00
christian 6a0218c132
Serve old easterhegg pages from public-web-static.
The old easterhegg pages from 2003, 2005, 2007, 2009, 2011 are served on the
easterhegg.eu domain and all old subdomains under hamburg.ccc.de
redirect to the corresponding pages under easterhegg.eu
2024-03-29 16:16:13 +01:00
June 1ad6ac9dc0
Run "nix fmt" to format this entire flake 2024-03-06 22:50:32 +01:00
fi a5a994f87f
Bump element-web to 1.11.59 2024-03-02 17:22:15 +01:00
June 7ab1563c88
Add entry to public-reverse-proxy for acme challenge for light-werkstatt 2024-03-02 15:40:55 +01:00
fi d8d0236870
Fix indentation 2024-01-28 22:03:15 +01:00
fi 2ae1ad3604
Configure matrix server .well-known delegation 2024-01-28 21:59:08 +01:00
fi 4c0decea4a
Update element-web to 1.11.55 2024-01-28 05:05:53 +01:00
June e18b840d20
Enable offline mode for Forgejo to disable use of CDN and Gravatar 2024-01-24 20:17:59 +01:00
June a0e92ff92a
Give Git an IPv6 2024-01-23 23:24:20 +01:00
June 7ce5c934df
Redirect old feed location to new one for CCCHH website 2024-01-23 19:57:20 +01:00
June c83f1faaa7
Use custom 404 page for hamburg.ccc.de 2024-01-22 23:32:00 +01:00
June 1dd8651bda
Update wiki links to point to wiki.hamburg.ccc.de 2024-01-22 23:15:03 +01:00
June 394f4fe562
Deploy new website under hamburg.ccc.de
Make next.hamburg.ccc.de hamburg.ccc.de and add redirects to handle URLs
of the old website deployment properly.
Also redirect the old spaceapi endpoint to the new one.

Add staging.hamburg.ccc.de for hosting upcoming changes (PRs).
Also give it a robots.txt, since its contents don't need to show up in
search engines.

Add www.hamburg.ccc.de and let it redirect to hamburg.ccc.de.
2024-01-22 23:08:38 +01:00